Remote Scans

Run rmap serve on any host that can reach your targets. The server accepts scan configurations and target streams from clients, runs the probes locally, and sends the results back over the same connection.

Start a worker

# Listen for scan requests from remote clients
rmap serve --addr 0.0.0.0:50051

--addr controls the gRPC endpoint that clients connect to.

Launch a remote scan

# Stream targets to a worker and collect the results locally
rmap scan --remote 10.0.0.18:50051 --path targets.txt icmp \
  --pps 1500 --output-file results.csv --columns target,alias

When --remote is set, the CLI sends the scan configuration (probe, packet rate, timeout, columns, etc.) to the worker, then streams targets read from --path. Replies are forwarded back to the local process so you can write results to disk, feed dashboards, or pipe them into additional tools.

Fan out to multiple workers

For large target sets, spin up several workers and run one scan command per worker with --budget or filtered input files. Each command operates independently, which makes it easy to spread the load across regions or cloud providers.

rmap scan --remote worker-a:50051 --path shard-a.txt tcp --port 443 --budget 200000
rmap scan --remote worker-b:50051 --path shard-b.txt tcp --port 443 --budget 200000

Getting Started Dealiasing